HTTP Strict Transport Security (HSTS
) is a web security policy mechanism which helps to protect secure HTTPS
websites against downgrade attacks and cookie hijacking.
It allows web servers to declare that web browsers or other complying user-agents should only interact with it using secure HTTPS connections, and never via the insecure HTTP protocol.
HTTP Strict Transport Security is an IETF standards track protocol and is specified in RFC 6797.
The HTTP Strict Transport Security Policy is communicated by the server to the user agent via an HTTP Header Field response header field named "Strict-Transport-Security". HTTP Strict Transport Security Policy specifies a period of time during which the user agent shall access the server in a secure-only fashion.
There might be more information for this subject on one of the following: